Bug 119984

Summary: groupdav resources stores (unused) password in clear text in .kde/share/config/kresources_groupwarerc
Product: kresources Reporter: Sebastian Reitenbach <itlistuser>
Component: groupdavAssignee: kdepim bugs <kdepim-bugs>
Status: CONFIRMED ---    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:

Description Sebastian Reitenbach 2006-01-12 17:03:20 UTC
Version:            (using KDE KDE 3.5.0)
Installed from:    SuSE RPMs
OS:                Linux

the entered password in a groupdav resource configuration window is stored in clear text in the following file:
~/.kde/share/config/kresources_groupwarerc

due to security concerns this is in no way good, especially as it is not used anyway:
http://bugs.kde.org/show_bug.cgi?id=100451

suggestion: remove the password entry field from the groupdave resource configuration interface. The http password authentication will popup and ask for a password. If I want to save it, the kdewallet is used then.
Comment 1 Reinhold Kainhofer 2006-11-02 19:06:49 UTC
Reassigning all KOrganizer bug reports and wishes to the newly created 
korganizer-devel mailing list.